Pass ISO-9001-Lead-Auditor Exam Guide

Top management is responsible for establishing, implementing, and maintaining the quality policy. The quality policy provides a framework for setting quality objectives and must be compatible with the context of the organization and support its strategic direction. It should also provide a commitment to satisfy applicable requirements and to continuous improvement.

Comprehensive and Detailed In-Depth Explanation:

Audit risks are categorized into different types based on where failures may occur in the QMS audit process.

Clause References:

ISO 19011:2018, Clause 6.3 – Managing Audit Risk: Defines different audit risks, including control risk.

Why is the Correct Answer A?

Control risk occurs when internal controls fail to prevent or detect nonconformities.

Even if controls exist, the risk remains if the QMS fails to identify or correct defects.

Why are the Other Options Incorrect?

B (Inherent risk) → This refers to risks naturally present in processes, even before controls are applied.

C (Detection risk) → This is the risk that an auditor fails to detect nonconformities.

D (Operational risk) → This refers to risks related to day-to-day business operations, not QMS audits.

Comprehensive and Detailed In-Depth Explanation:

ISO 9001:2015, Clause 4.3 (Determining the Scope of the Quality Management System) states that when determining the QMS scope, an organization must consider:

External and internal issues (Clause 4.1)

The needs and expectations of interested parties (Clause 4.2)

The products and services provided by the organization

In the scenario, Bell only considered top management's input, which fails to address Clause 4.2 (interested parties' expectations)—such as customers, suppliers, and regulatory authorities.

According to ISO 19011:2018, clause 6.3.2, an audit plan should include the following information:

The audit objectives, scope, and criteria

The audit team members and their roles and responsibilities

The audit schedule, including the sequence and timings of audit activities, such as opening meeting, document review, interviews, observations, closing meeting, etc.

The expected time and duration of each audit activity and location

The name and contact details of the auditee’s representative and other relevant parties

The allocation of appropriate resources to support the audit activities

The audit methods and techniques to be used, such as interviews, observations, sampling, etc.

The audit documents and records to be prepared and retained

The audit language and communication methods

The audit risks and opportunities and how to address them

The audit follow-up arrangements, if applicable

Therefore, the correct answer is D and F, as they are essential elements of an audit plan. The other options are either irrelevant or optional for an audit plan. References:

ISO 19011:2018(en), Guidelines for auditing management systems, clause 6.3.2

ISO 19011: Guidelines for Auditing Management Systems | ASQ, section “Making audit arrangements”

ISO 19011 Management Systems Audit Checklist | Process Street, task 6.3.2